The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

This innovative education and training program includes the following key elements:

An introduction to the key components of the NIST Cybersecurity Framework

How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy

An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications

How to use the Framework to protect critical information assets

A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program

A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

The class will help individuals and organizations acquire knowledge, skills, and abilities to:

Develop a strategy to apply the NIST Cybersecurity Framework to their environment

Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework

Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed

Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps

Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps

Identify required workforce skills and develop career pathways for improving skills and experience

About the instructor:

Larry Wilson has been the CISO for the UMass President’s Office since 2009.

Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.

Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.

Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

We all know that the safety of flight is a succession of three major components: regulatory compliance, pilot training and experience, and aircraft maintenance. If any of these components fail, an accident is bound to happen. Now imagine you are boarding a private jet: what do you know about the pilots up front, the maintenance and compliance history of the aircraft you just boarded, and the company that operates it?

In an industry where each company is responsible for its own record keeping, pilots self-record their hours in personal logbooks, and maintenance records are kept on paper or in disparate software solutions, the Blockchain solves the dilemma of ensuring compliance, adds transparency, and builds trust.

Learn about Blockchain and how it is changing aviation safety and audit capabilities.

In this presentation we look at FIDO2 closely, discuss some of the challenges with FIDO, and what sort of attack vectors would be on the horizon when the technology picks up. Further, how would Identity providers need to evolve, especially in the context of federated services and the services consumption model.

1. Overview of current strong authentication system attacks and risks.

2. What is FIDO? Public-private key adoption on end devices; risks and challenges.

3. What is the splintered authentication space evolution — tradeoffs and alternatives.

4. Novel solution to MiM as a stand-alone stop-gap and a complement to existing and new FIDO adoption.

Legal obligations attach when a data privacy or security incident occurs. An important component of responding to any data incident is analysis of the various international, state, and sectoral laws and regulations applicable to a given incident. This discussion will highlight the current and future legal climate of incident response.

Join Samuel Sutton—CASP, CISM, and Computer Scientist with the FBI—to discuss some of the dangers to your computers and personal information. This will include some topics to help you make better security decisions.

This will be a walk-through of various computer threats as seen from the FBI perspective.
– Who is targeted?
– Who are the actors?
– Types of attack methods

Information will be shared that will help strengthen your computer world.
– Important statistics
– A few real examples
– Some conceptual models
– Pointers to additional resources

10:30 am

Conference Break / Exhibitor Product Demonstration

Registration Level:

Open Sessions

10:30 am - 11:15 am

Location / Room: Exhibitor Floor

Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

11:00 am

Advisory Council Roundtable - (VIP / Invite Only)

Topic: Third Party Risk - Establishing and Managing

Registration Level:

VIP / Exclusive

11:00 am - 12:00 pm

Location / Room: Richmond

This roundtable is for our Advisory Council Members only.

11:15 am

Humio: The Mitre ATT&CK Framework Is for All of Us, and It Is Time to Pay Attention to It

MITRE has created the “Adversarial Tactics, Techniques & Common Knowledge” (ATT&CK) base to help security practitioners understand the actual techniques and tactics that adversaries use against us. The advantage of the ATT&CK base is that it allows us to build a framework to understand how we might detect, respond to, and prevent many of the tactics. The ATT&CK framework provides a way for us to map the technologies and procedures we have, and then map any gaps that can then be addressed. The goal in the end is to improve prevention and/or shore up our defenses.

There are numerous cybersecurity products, architectures, and cyber risk management best practices to help harden your enterprise perimeter, improve preventive and detective controls, and mature overall cybersecurity posture. Yet data breaches continue. Could it happen to your business? Would you know it was happening? A pre-breach assessment may provide a quicker answer on a regular basis.

Like the business environment, cybersecurity risk management is complicated. There are multiple variables changing subtly throughout the year. Similarly, expenditures on security-skilled people, security-related processes, and security technologies are subject to entropy and may lose potency as your company’s cybersecurity risk profile changes. Legacy security activities can lose focus on adapting to emerging security risks in favor of automating routine security activities.

Ask any Security Professional…We never seem to have all the resources or people we need for our Security Programs. It’s just a “fact of life”, so maybe we ought to shift the perspective. Our Security Programs should focus on providing “Good Enough” security for our specific business risks and risk appetite.
This session will present advice and options for establishing a workable security program that fits within the reality of your Organizational and Financial constraints.

12:00 pm

Advisory Council Lunch Roundtable – (VIP / Invite Only)

Topic: Cyber Talent - Building it, Retaining it and Presenting to the Board

In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of real-world cybersecurity and data breach cases. He will share his experience on:
· Why cybersecurity is an overall business risk that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and are affected by personalities and psychology
· How to prioritize limited resources to effectively manage the most likely real-world risks
· How to achieve reasonable cybersecurity
· Why cyber insurance is a critical component of the cyber risk management process

1:30 pm

Panel: Building a Better Mouse Trap (Emerging Threats)

Registration Level:

Open Sessions

1:30 pm - 2:30 pm

Location / Room: Keynote Theater

To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say, but how? By taking a look at the capabilities of the threats we see today, we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing and hoping.

We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.

Panelists:
Gregg Braunton, Catholic Health Initiatives
Duwayne Engelhardt, Wallisbank
Eric Botts, Swailes & Company
Manoj Tripathi, PROS
Ram Yarlagadda, Pulse Secure
Paul Schofield, enSilo

Moderator: Berris Bramble

2:30 pm

Conference Break / Exhibitor Product Demonstration

Registration Level:

Open Sessions

2:30 pm - 3:00 pm

Location / Room: Exhibitor Floor

Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

2:45 pm

Dash for Prizes and CyberHunt Winners Announced

Registration Level:

Open Sessions

2:45 pm - 3:00 pm

Location / Room: Exhibitor Floor

Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.

3:00 pm

Employer Data Breach Liability: The Employee as a Threat Vector

Learn 6 big decisions organizations must make in response to insider threat

According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.

There has been considerable effort spent over the decades to achieve a clear separation between the CIO and CISO roles. However, this separation creates inefficiency in the organization, and attempts to separate what is essentially one logical entity—Information Security. This session will start a discussion on the pros and cons of such an approach and propose an integrated approach to security program management.

Steganography is as old as the written word, and can prove it is you by using “Hidden Writing.”

Keynote & Speaker Information

SecureWorld Houston

April 18, 2019

Exhibitors

ACFE Houston

Booth: 500

We are the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. The mission of the ACFE Foundation is to increase the body of anti-fraud knowledge by supporting future anti-fraud professionals worldwide through the funding of the Ritchie-Jennings Memorial Scholarship Program. The scholarship program provides an opportunity for men and women of all ages, races, religions and income levels to advance their education. Many of these outstanding and deserving students go on to become Certified Fraud Examiners.

Bitdefender

Booth: 210

Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

BitSight Technologies

Booth: 820

BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight).

Bugcrowd Inc.

Booth: 520

By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.

Check Point Security

Booth: TBD

Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

EC-Council

Booth:

International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

enSilo

Booth: 600

enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

Global Cyber Alliance

Booth:

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

GuidePoint Security LLC

Booth: 820

GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

Humio

Booth: 620

Humio is a solution for aggregating, exploring, reporting, and analyzing log data in real-time. It gathers log data from a range of sources and can be deployed in both Cloud and On-Premises environments. Humio’s innovative data storage and in-memory search/query engine technologies provide a cost-competitive log management and analysis solution that requires significantly less hardware, engineering resources, and licensing costs vs. competing solutions. Humio has offices in London, San Francisco, and Aarhus, DK.

The Houston Chapter of InfraGard provides members of the Critical Infrastructure community a means to share information to prevent, protect, and defend against hostile acts against Critical Infrastructure and Key Resources (CIKR). InfraGard is designed to address the need for private and public-sector information-sharing mechanisms at both the national and local levels. It is our goal to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.

ISACA Houston

Booth: 200

Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area. We conduct chapter meetings the third Thursday of the month that typically includes a morning or afternoon training along with a luncheon meeting/training. We also sponsor SIG group meetings on the same day. Local seminars are held in the spring and fall that include topics of high relevance to our membership community. Certification training is scheduled before each ISACA exam date based on interest level.

Ixia, a Keysight Business

Booth: 220

We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

ISSA South Texas

Booth: 300

The South Texas Chapter of the Information Systems Security Association (ISSA) is a non-profit organization of information security professionals and practitioners. South Texas ISSA provides education forums, publications and peer interaction opportunities which enhance the knowledge, skill and professional growth of its members. This Chapter is affiliated with the international ISSA organization, conforms to its professional and organizational guidelines, and supports the ISSA Code of Ethics. We encourage our members to pursue and maintain formal security certifications in their chosen fields and offer training opportunities to help members meet requirements for continuing education.

Jazz Networks

Booth: 610

Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.

LOG-MD

Booth: 620

IMF Security, the home of LOG-MD is a Windows incident response, auditing, investigation, and hunting tool. LOG-MD helps evaluate Windows audit log configurations, and provides recommendations for logging improvements. LOG-MD in conjunction with a log management solution such as Humio provides a strong Windows detection, investigation, and hunting solution.

Lookout

Booth: 230

Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.

Pulse Secure

Booth: 830

Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

Recognizing the unique needs of the industry, SIM collects the intellectual capital of IT leaders nationwide and offers the resources you need to do business better. Membership in the SIM Houston Chapter continues to grow as well as the number of activities both in educational, community, and social programs.

Synopsys

Booth: 510

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

TechTarget

Booth:

TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

Eugene Kesselman is Founder and CEO of TapJets, the on-demand private jet charter company headquartered in Houston, Texas. Since 2015 the company has been using blockchain ledger technology to conduct its business and since 2016 became the first private aviation company to instantly accept cryptocurrency as a form of payment for its services. As an early adopter of blockchain and cryptocurrency, Mr. Kesselman and his team enjoyed the first-hand experience, trials, and successes of this new and exciting technology segment. They are sharing this knowledge with others thru education and outreach to other IT and Development professionals. Before founding TapJets, Mr. Kesselman spent over 20 years in Information Technology as CIO and various key IT executive roles. Mr. Kesselman received his CISM certification in 2014.

Dr. Chiruvolu is a CISSP/CISM and has spent several years in the security industry, in particular in the Finance/e-Commerce and Enterprise industries, on cloud/SaaS technologies. He is currently Director of Information Security and Risk Management, and has led several successful programs on several fronts of Information Security, Risk Management and Compliance at Fortune 500 companies such as Experian, Thomson Reuters, Citi, Capital One, Truesigna Systems, Inc. on application security, secure cloud transformation, vulnerability and threat management. He is passionate about strong user authentication and Identity and Access Management, has co-authored over 40 refereed technical papers, and has 20+ patents. He holds a Ph.D. in Computer Science and an MBA in Marketing and Finance.

As a cybersecurity and data privacy attorney in the Dallas office of Spencer Fane LLP, Jeremy Rucker has assisted companies of all sizes in responding to data security and privacy incidents. The expertise of Jeremy and his Spencer Fane colleagues covers several industries including healthcare, banking and finance, insurance, energy, transportation, and manufacturing.

Samuel Sutton is an FBI Computer Scientist. Since 1992 he has worked in Headquarters and Field Offices across the country. He is currently assigned to a Cyber Squad of the Houston Office. Specializing in Computer Security, Network Forensics, "Enhanced Network Capabilities", and Information Security Management, his skills have been applied to develop technical solutions against foreign networks, establish secure domestic networks, and analyze the techniques used during intrusions upon commercial and sensitive networks. Samuel has degrees in Electronics and Industrial Technology specializing in Digital Systems along with a Business minor. He holds professional certifications such as Security+, CASP, and CISM.

Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also blogs on HackerHurricane.com on various InfoSec topics. Michael is also co-host of the “Brakeing Down Incident Response” (BDIR) Podcast, which educates on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.

Norman is President and Managing Director of UHY Advisors TAP, Inc., a subsidiary of UHY Advisors, bringing over 25 years of experience in strategic consulting services. Norman advises clients on enterprise risk management, IT assurance and governance, and cybersecurity. He is also an Instructor for courses in Business Ethics, and Governance, Risk, and Compliance at the C.T. Bauer School of Business at the University of Houston. Norman served as VP of Technology for IIA Houston 2011-2014, and served as President of the ISACA Houston Chapter 2012-2016. He maintains several certifications in security and assurance, including: CISSP, QSA, CISA, CGEIT, CIA, CRMA, and CCSA.

Mario Chiock possesses over 37 years of experience in Oil Field operations, IT, Security, Risk, Privacy and Auditing. Prior to his current role as Schlumberger Fellow, Mario was the CISO at Schlumberger where he was responsible for developing the company’s worldwide, long-term cyber security strategy. He is recognized for his leadership and management in all aspects of cybersecurity throughout the company as well as within the community.

Through his vision, he successfully transitioned Schlumberger from legacy firewalls to a more robust infrastructure based on next-generation firewalls. His experience in successfully deploying advanced technologies and approaches also spans Incident Response, Advance Threat Prevention, Digital Right Management to watermark & fingerprint sensitive documents. He also implemented federation services to minimize 3rd party risk and created the extended security team to foster collaboration with other IT groups. Mario is also known for applying his Lean Six Sigma expertise for measuring performance and creating

Outside of Schlumberger, Mario has been an active member of the Information Systems Security Association (ISSA) for over 20 years; he has held numerous board positions in the Austin, Capital of Texas Chapter, as well as the South Texas Chapter in Houston. He was president of the South Texas Chapter in 2007, bringing in the “Chapter of the Year” award. He continues to serve on the board. Mario is also an active volunteer trainer for Security Certifications such as CISM, CISA & CRISC certifications, and has mentored many successful CSOs & CISOs in the Austin & Houston area. He is also very active with Evanta as speaker and instructor for their CISO Institute. In 2015 he was a speaker for the SPE and API conference and in 2016 he was a panelist at the GEO2016 conference in Bahrain. In 2018 he was awarded the South Central Region InfraGard Award for “INMA Leadership!”.

Mario was recognized as one of the top 25 out of more than 10,000 security executives in the ExecRank 2013 Security Executive Rankings. He also won the 2012 Central Information Security Executive (ISE) “People Choice Award”; in 2014 he was a recipient of the CSO40 – 2014 award, was named “ISSA Fellow”, won the ISC2 Americas Information Security Leadership Awards (ISLA), and won the “ISSA Honor Roll” award. In 2017 he received the Infragard Houston award of excellence for the Private-Public Partnership in Cybersecurity. He is an active member of the Houston Security community, gives security talks and training, and volunteers his IT security expertise to local non-profit organizations. He is currently a board member of the Houston InfraGard Chapter and has served on Executive & Technical Advisory boards of many security companies such as WatchFire (now IBM), ISS (now IBM), and Qualys. He is currently active on the Palo Alto Networks advisory board, serves on the Google Cloud Platform advisory board, and is a strategic advisor to Onapsis as well as a Board member.

Mario holds CISSP, CISM & CISA certifications, is past chair of the American Petroleum Institute (API) Information Security Sub-Committee, and was involved in the formation of the Oil & Gas ISAC. He is a co-author of "Navigating the Digital Age, Second Edition."

Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.

Manoj Tripathi

VP, IT & Security, PROS

Manoj Tripathi serves as PROS Vice President, IT & Security. Manoj is responsible for the global IT, Security & Governance vision, strategy, operations and execution. Manoj puts special emphasis on innovative practices to align the IT, Security & Governance frameworks with the business objectives to achieve meaningful and sustainable results in the most efficient way. Manoj is CISSP and C|CISO certified, an accomplished speaker and has presented at multiple security conferences.

Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes